Apple: Software flaws in latest WikiLeaks docs are all fixed

Apple: Software flaws in latest WikiLeaks docs are all fixed

In this Friday, Sept. 16, 2016, file photo, a customer sets up his new iPhone 7 Plus, right, as he switches from the iPhone 6 at the Apple Store on Michigan Avenue during the release of the Apple iPhone 7 and the latest Apple Watches, in Chicago. New documents from WikiLeaks, posted Thursday, March 23, 2017, point to an apparent CIA program to hack Apple’s iPhones and Mac computers such that the exploits persist even after the devices are reset to factory conditions. Apple says the purported hacking techniques have all been fixed in recent iPhones and Mac computers. (AP Photo/Kiichiro Sato, File) Apple said purported hacking vulnerabilities disclosed by WikiLeaks this week have all been fixed in recent iPhones and Mac computers. The documents released by the anti-secrecy site Thursday morning pointed to an apparent CIA program to hack Apple devices using techniques that users couldn’t disable by resetting their devices.
The iPhone hack was limited to the 3G model from 2008. In a statement late Thursday, Apple said the flaw was fixed with the release of the iPhone 3GS a year later. Apple also said the Mac vulnerabilities were all fixed in all Macs launched after 2013.
Apple’s statement was consistent with assessments from security experts, who say that many of the apparent vulnerabilities were in older technology. Apple is going further in saying those flaws have all been fixed, based on its preliminary analysis.
Security experts say the exploits described in the WikiLeaks documents are plausible, but suggest they pose little threat to typical users. Besides being likely out of date, the techniques also typically require physical access to devices, something the CIA would use only for targeted individuals, not a broader population.
The CIA has not commented on the authenticity of this and earlier WikiLeaks revelations, but has previously said it complies with a legal prohibition against electronic surveillance ”targeting individuals here at home, including our fellow Americans.” In this Saturday, June 18, 2016, file photo, customers try out Apple iPhone 6s models on display at an Apple Store in Beijing. New documents from WikiLeaks, posted Thursday, March 23, 2017, point to an apparent CIA program to hack Apple’s iPhones and Mac computers such that the exploits persist even after the devices are reset to factory conditions. Apple says the purported hacking techniques have all been fixed in recent iPhones and Mac computers. (AP Photo/Mark Schiefelbein, File) The leaks Thursday came about two weeks after WikiLeaks published thousands of alleged CIA documents describing hacking tools it said the government employed to break into computers, mobile phones and even smart TVs from companies like Apple, Google, Microsoft and Samsung. WikiLeaks has offered to share further details with tech companies to help them fix flaws, though accepting such information might subject companies to certain conditions and put government contracts at risk.
Apple addressed the offer for the first time in Thursday’s statement.”We have not negotiated with WikiLeaks for any information,” the statement read. ”We have given them instructions to submit any information they wish through our normal process under our standard terms. Thus far, we have not received any information from them that isn’t in the public domain.”
Apple said that while it takes users’ security and privacy seriously, ”we do not condone theft or coordinate with those that threaten to harm our users.”
Earlier, Microsoft said WikiLeaks had made initial contact through its public reporting channel, ”and we have followed up, treating them as we would any other finder.” Mozilla, the organization behind the Firefox web browser, also said it had been contacted through the email address it uses for security vulnerability reporting. Mozilla said it would take steps necessary to fix any vulnerabilities reported that way.
Explore further:Apple, Samsung vow to fix flaws, after CIA hacking report